PasswordConfirmationMiddlewareTest.php 6.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216
  1. <?php
  2. /**
  3. * @copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
  4. *
  5. * @author Roeland Jago Douma <roeland@famdouma.nl>
  6. *
  7. * @license GNU AGPL version 3 or any later version
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as
  11. * published by the Free Software Foundation, either version 3 of the
  12. * License, or (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  23. namespace Test\AppFramework\Middleware\Security;
  24. use OC\AppFramework\Middleware\Security\Exceptions\NotConfirmedException;
  25. use OC\AppFramework\Middleware\Security\PasswordConfirmationMiddleware;
  26. use OC\AppFramework\Utility\ControllerMethodReflector;
  27. use OC\Authentication\Token\IProvider;
  28. use OCP\AppFramework\Utility\ITimeFactory;
  29. use OCP\Authentication\Token\IToken;
  30. use OCP\IRequest;
  31. use OCP\ISession;
  32. use OCP\IUser;
  33. use OCP\IUserSession;
  34. use Test\AppFramework\Middleware\Security\Mock\PasswordConfirmationMiddlewareController;
  35. use Test\TestCase;
  36. class PasswordConfirmationMiddlewareTest extends TestCase {
  37. /** @var ControllerMethodReflector */
  38. private $reflector;
  39. /** @var ISession|\PHPUnit\Framework\MockObject\MockObject */
  40. private $session;
  41. /** @var IUserSession|\PHPUnit\Framework\MockObject\MockObject */
  42. private $userSession;
  43. /** @var IUser|\PHPUnit\Framework\MockObject\MockObject */
  44. private $user;
  45. /** @var PasswordConfirmationMiddleware */
  46. private $middleware;
  47. /** @var PasswordConfirmationMiddlewareController */
  48. private $controller;
  49. /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
  50. private $timeFactory;
  51. private IProvider|\PHPUnit\Framework\MockObject\MockObject $tokenProvider;
  52. protected function setUp(): void {
  53. $this->reflector = new ControllerMethodReflector();
  54. $this->session = $this->createMock(ISession::class);
  55. $this->userSession = $this->createMock(IUserSession::class);
  56. $this->user = $this->createMock(IUser::class);
  57. $this->timeFactory = $this->createMock(ITimeFactory::class);
  58. $this->tokenProvider = $this->createMock(IProvider::class);
  59. $this->controller = new PasswordConfirmationMiddlewareController(
  60. 'test',
  61. $this->createMock(IRequest::class)
  62. );
  63. $this->middleware = new PasswordConfirmationMiddleware(
  64. $this->reflector,
  65. $this->session,
  66. $this->userSession,
  67. $this->timeFactory,
  68. $this->tokenProvider,
  69. );
  70. }
  71. public function testNoAnnotationNorAttribute() {
  72. $this->reflector->reflect($this->controller, __FUNCTION__);
  73. $this->session->expects($this->never())
  74. ->method($this->anything());
  75. $this->userSession->expects($this->never())
  76. ->method($this->anything());
  77. $this->middleware->beforeController($this->controller, __FUNCTION__);
  78. }
  79. public function testDifferentAnnotation() {
  80. $this->reflector->reflect($this->controller, __FUNCTION__);
  81. $this->session->expects($this->never())
  82. ->method($this->anything());
  83. $this->userSession->expects($this->never())
  84. ->method($this->anything());
  85. $this->middleware->beforeController($this->controller, __FUNCTION__);
  86. }
  87. /**
  88. * @dataProvider dataProvider
  89. */
  90. public function testAnnotation($backend, $lastConfirm, $currentTime, $exception) {
  91. $this->reflector->reflect($this->controller, __FUNCTION__);
  92. $this->user->method('getBackendClassName')
  93. ->willReturn($backend);
  94. $this->userSession->method('getUser')
  95. ->willReturn($this->user);
  96. $this->session->method('get')
  97. ->with('last-password-confirm')
  98. ->willReturn($lastConfirm);
  99. $this->timeFactory->method('getTime')
  100. ->willReturn($currentTime);
  101. $token = $this->createMock(IToken::class);
  102. $token->method('getScopeAsArray')
  103. ->willReturn([]);
  104. $this->tokenProvider->expects($this->once())
  105. ->method('getToken')
  106. ->willReturn($token);
  107. $thrown = false;
  108. try {
  109. $this->middleware->beforeController($this->controller, __FUNCTION__);
  110. } catch (NotConfirmedException $e) {
  111. $thrown = true;
  112. }
  113. $this->assertSame($exception, $thrown);
  114. }
  115. /**
  116. * @dataProvider dataProvider
  117. */
  118. public function testAttribute($backend, $lastConfirm, $currentTime, $exception) {
  119. $this->reflector->reflect($this->controller, __FUNCTION__);
  120. $this->user->method('getBackendClassName')
  121. ->willReturn($backend);
  122. $this->userSession->method('getUser')
  123. ->willReturn($this->user);
  124. $this->session->method('get')
  125. ->with('last-password-confirm')
  126. ->willReturn($lastConfirm);
  127. $this->timeFactory->method('getTime')
  128. ->willReturn($currentTime);
  129. $token = $this->createMock(IToken::class);
  130. $token->method('getScopeAsArray')
  131. ->willReturn([]);
  132. $this->tokenProvider->expects($this->once())
  133. ->method('getToken')
  134. ->willReturn($token);
  135. $thrown = false;
  136. try {
  137. $this->middleware->beforeController($this->controller, __FUNCTION__);
  138. } catch (NotConfirmedException $e) {
  139. $thrown = true;
  140. }
  141. $this->assertSame($exception, $thrown);
  142. }
  143. public function dataProvider() {
  144. return [
  145. ['foo', 2000, 4000, true],
  146. ['foo', 2000, 3000, false],
  147. ['user_saml', 2000, 4000, false],
  148. ['user_saml', 2000, 3000, false],
  149. ['foo', 2000, 3815, false],
  150. ['foo', 2000, 3816, true],
  151. ];
  152. }
  153. public function testSSO() {
  154. static $sessionId = 'mySession1d';
  155. $this->reflector->reflect($this->controller, __FUNCTION__);
  156. $this->user->method('getBackendClassName')
  157. ->willReturn('fictional_backend');
  158. $this->userSession->method('getUser')
  159. ->willReturn($this->user);
  160. $this->session->method('get')
  161. ->with('last-password-confirm')
  162. ->willReturn(0);
  163. $this->session->method('getId')
  164. ->willReturn($sessionId);
  165. $this->timeFactory->method('getTime')
  166. ->willReturn(9876);
  167. $token = $this->createMock(IToken::class);
  168. $token->method('getScopeAsArray')
  169. ->willReturn(['password-unconfirmable' => true]);
  170. $this->tokenProvider->expects($this->once())
  171. ->method('getToken')
  172. ->with($sessionId)
  173. ->willReturn($token);
  174. $thrown = false;
  175. try {
  176. $this->middleware->beforeController($this->controller, __FUNCTION__);
  177. } catch (NotConfirmedException) {
  178. $thrown = true;
  179. }
  180. $this->assertSame(false, $thrown);
  181. }
  182. }